---
- name: mount fs
  import_tasks: "mount_fs.yml"

- name: setup networking
  import_tasks: "network.yml"

# pre-create copr user and group with predefined uid and gid
- group: name=copr gid=986
- user: name=copr group=copr uid=989

- name: install copr-backend and copr-selinux
  dnf: state=latest name={{ item }}
  with_items:
  - copr-backend
  - copr-selinux

- name: add additional packages for copr-backend
  dnf: state=present name={{ item }}
  with_items:
  - python-novaclient
  - python-glanceclient
  - python-neutronclient
  - python-keystoneclient
  - php-cli

- name: make copr dirs
  file: state=directory path={{ item }}
  with_items:
  - /var/lib/copr/jobs
  - /var/lib/copr/public_html/results

- name: setup dirs there
  file: state=directory path="/home/copr/{{ item }}" owner=copr group=copr mode=0700
  with_items:
  - cloud
  - .ssh

- name: add copr-buildsys keys to copr user path
  copy: src="{{ item }}" dest=/home/copr/cloud/ owner=copr group=copr mode=0600
  with_fileglob:
   - "{{ private }}/files/openstack/copr-copr/*"

- name: setup privkey for copr user
  copy: src="{{ private }}/files/copr/buildsys.priv" dest=/home/copr/.ssh/id_rsa owner=copr group=copr mode=600

- name: setup copr user ssh config file
  copy: src="ssh_config" dest=/home/copr/.ssh/config  owner=copr group=copr mode=600

- name: check known_hosts file
  command: stat /home/copr/.ssh/known_hosts
  register: hostsstat
  check_mode: no
  changed_when: "1 != 1"
  ignore_errors: yes

- name: create empty known_hosts
  file: state=touch dest=/home/copr/.ssh/known_hosts owner=copr group=copr mode=600
  when: hostsstat.rc == 1

- name: replace bashrc for copr user
  copy: src="copr_bashrc" dest=/home/copr/.bashrc owner=copr group=copr mode=600

- name: auth_key so we can login to localhost as the copr user from the copr user
  authorized_key: user=copr key="{{ item }}"
  no_log: True
  with_file:
  - "provision/files/buildsys.pub"

- name: copy keystonerc
  template: src="keystonerc" dest=/root/ owner=root group=root mode=600
  when: not devel

- name: copy .boto file
  copy: src="boto" dest=/home/copr/.boto owner=copr group=copr

# setup webserver
- name: add config for copr-repo path
  copy: src="{{ _lighttpd_conf_src }}" dest=/etc/lighttpd/lighttpd.conf owner=root group=root mode=0644
  notify:
  - restart lighttpd

- name: install certificates for production
  when: not devel
  import_tasks: "install_certs.yml"

- name: allow lighttpd set fds limit
  seboolean: name=httpd_setrlimit state=yes persistent=yes

- name: create directory for compress module of lighttpd
  file: path=/var/cache/lighttpd/compress owner=lighttpd group=lighttpd mode=0644 state=directory

# mime default to text/plain and enable dirlisting for indexes
- name: update lighttpd configs
  copy: src="lighttpd/{{ item }}" dest="/etc/lighttpd/conf.d/{{ item }}" owner=root group=root mode=0644
  with_items:
  - dirlisting.conf
  - mime.conf
  notify:
  - restart lighttpd

- name: install custom lighttpd template for directory listings
  template: src="lighttpd/dir-generator.php.j2" dest="/var/lib/copr/public_html/dir-generator.php" owner=copr group=copr mode=0755

- name: start webserver
  service: state=started enabled=yes name=lighttpd

# setup dirs for the ansible execution off of provisioning
#- name: dirs from provision
#  file: state=directory path="/home/copr/provision/{{ item }}" owner=copr group=copr
#  with_items:
#  - action_plugins
#  - library
#  tags:
#  - provision_config

- name: put ansible.cfg for all this into /etc/ansible/ on the system
  copy: src="provision/ansible.cfg" dest=/etc/ansible/ansible.cfg
  tags:
  - provision_config

- name: put provisioning files
  synchronize: src="provision/" dest="/home/copr/provision/"
  tags:
  - provision_config

- name: put some files into the provision subdir
  template: src="provision/nova_cloud_vars.yml" dest="/home/copr/provision/nova_cloud_vars.yml" owner=copr group=copr
  tags:
  - provision_config

- name: put copr-rpmbuild configuration file into the provision subdir
  template: src="provision/copr-rpmbuild/main.ini.j2" dest="/home/copr/provision/files/main.ini" owner=copr group=copr
  tags:
  - provision_config

- name: testing fixture
  copy: dest="/home/copr/cloud/ec2rc.variable" content=""
  when: devel

- name: copy copr-be.conf
  template: src="copr-be.conf.j2" dest=/etc/copr/copr-be.conf  owner=root group=copr mode=640
  notify:
  - restart copr-backend
  tags:
  - config

- name: copy sign.conf
  template: src=sign.conf dest=/etc/sign.conf  owner=root group=copr mode=640
  tags:
  - config

- name: get owner for results dir
  stat: path=/var/lib/copr/public_html
  register: copr_results_dir_st

- name: change owner for results dir if it isn't copr
  shell: "chown -R copr:copr /var/lib/copr/public_html"
  when: copr_results_dir_st.stat.pw_name != "copr"

- command: "ls -dZ /var/lib/copr/public_html/"
  register: public_html_ls

- name: update selinux context for results if root folder does not have proper type
  command: "restorecon -vvRF /var/lib/copr/public_html/"
  when: public_html_ls is defined and 'copr_data_t' not in  public_html_ls.stdout

- name: install cert to access fed-cloud09
  # TODO: remove this when fed-cloud09 receives external cert
  import_tasks: install_cloud_cert.yml

- name: enable and run copr-backend services
  service: name="{{ item }}" enabled=yes state=started
  with_items:
  - redis       # TODO: .service in copr-backend should depend on redis
  - copr-backend

- copy: src="cleanup_vm_nova.py" dest=/home/copr/ mode=755

- copy: src="cleanup_vms.sh" dest=/etc/cron.hourly/copr_cleanup_vms.sh mode=755
  when: not devel

- name: install lighttpd logrotate config
  copy: src="logrotate/lighttpd" dest=/etc/logrotate.d/lighttpd owner=root group=root mode=644

- name: setup monitoring
  import_tasks: "monitoring.yml"

- name: setup fedmsg for MBS
  import_tasks: "fedmsg.yml"
  when: env == "staging"
